Google has released August security updates for Android, which include patches for six vulnerabilities. Two of these issues are related to Qualcomm components and have already been used in targeted attacks.
The vulnerabilities that were under attack have been assigned the identifiers CVE-2025-21479 and CVE-2025-27038, and the Android security team learned about them back in January 2025.
The first issue (CVE-2025-21479) is related to incorrect authorization in the Graphics framework, which may lead to memory corruption due to the execution of unauthorized commands in the GPU micro-module under a specific sequence of commands.
The second issue (CVE-2025-27038) is a use-after-free bug that causes memory corruption when using Adreno GPU drivers for rendering in Chrome.
It is noted that Google included patches in the update, announced by Qualcomm back in June of this year. At that time, the manufacturer warned that, according to specialists at Google Threat Analysis Group, vulnerabilities CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 could be exploited “in limited targeted attacks.”
“In May, OEM partners were provided with fixes for issues affecting the Adreno GPU driver, along with a strong recommendation to deploy the update on affected devices as soon as possible,” Qualcomm reported at the time.
With the release of the August updates, Google also fixed a critical vulnerability in the System component (CVE-2025-48530). This issue could be exploited for remote unauthenticated code execution, but only if combined with other bugs. Moreover, no user interaction was required.
Google developers have traditionally released two levels of updates: 2025-08-01 and 2025-08-05. The latter includes all patches from the former, as well as fixes for closed-source components and kernel subsystems that may not be applicable to all Android devices.
2025.04.22 — Scammers pose as FBI IC3 specialists, offer 'assistance' to fraud victims
According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them 'assistance' in getting their money…
Full article →
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks
OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…
Full article →
2025.03.12 — Mass exploitation of PHP-CGI vulnerability in attacks targeting Japanese companies
GreyNoise and Cisco Talos experts warn that hackers are actively exploiting CVE-2024-4577, a critical PHP-CGI vulnerability that was discovered and fixed in early June 2024. CVE-2024-457…
Full article →
2025.01.27 — Zyxel firewalls reboot due to flawed update
Zyxel warned its customers that a recent signature update may cause critical errors in USG FLEX and ATP series firewalls. As a result, devices go into…
Full article →
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers
Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…
Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign
According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…
Full article →
2025.02.01 — Critical RCE vulnerability fixed in Cacti
A critical vulnerability has been discovered in the open-source Cacti framework: it enables an authenticated attacker to remotely execute arbitrary code. Vulnerability's ID is CVE-2025-22604; its…
Full article →
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →